Help with "switchport trunk allowed vlan" - Page 2

whiteford · ‎02-27-2009

Hi,

I have a Cisco ASA 5520 which has a 3750 trunked off it (see diagram, ingore the ASA standby).

Everything is working, but I can see the follwoing vlans are allowed through the trunk - 3,4,6,7,9,10,300, but vlan 2 isn't in this allow list and it still works.

interface FastEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,6,7,9,10,300

switchport mode trunk

I'm doing a packet capture on this port and what to filter traffic based on vlan tag ID, but vlan 2 doesn't show up in the capture only the ones mentioned above.

adamclarkuk_2 · ‎02-28-2009

That is what I was sayin, access ports do not tag frames only trunks do

whiteford · ‎02-28-2009

So what I am trying to do is not possible? I would just mean I can filter traffic in observer based on vlan.

adamclarkuk_2 · ‎02-28-2009

If you want to see the traffic coming from vlan 2 then yes, just add the interface connected to the asa inside interface to your monitor session, if you want to see vlan 2 tags then you will need to add vlan 2 to your trunk (but I don't know why you would want to do that).

whiteford · ‎02-28-2009

"If you want to see the traffic coming from vlan 2 then yes, just add the interface connected to the asa inside interface to your monitor session"

It is, as in the diag etc it's fas1/0/3 and the monitor session in my previous post show this.

adamclarkuk_2 · ‎02-28-2009

Hmmmm, then any traffic passing through that terrace should show up?

whiteford · ‎02-28-2009

I see all the correct packet info from the monitor ports except the tags, I understand now from you that vlan 2 will never show up, but I would of thought vlan 3 would(this does show up if I monitor the trunk but 2 doesn't as you mentioned).

adamclarkuk_2 · ‎02-28-2009

So are you cool, or do you need to know anything else?